Educause Security Discussion mailing list archives
Re: Rethinking the DMZ
From: Harry Hoffman <hhoffman () IP-SOLUTIONS NET>
Date: Thu, 30 Aug 2012 21:09:23 -0400
Heya Jason,

Our mantra has always been: "Each host on our network must be able to protect itself" and so we don't have a DMZ. Every host is meant to be running a host-based firewall that allows for specific services to be accessible from predetermined locations. That doesn't mean that having backup access controls in place is a bad thing.

Cheers,
Harry

On 08/30/2012 05:09 PM, Youngquist, Jason R. wrote:
We are thinking about changing our network architecture. As our network has grown and the complexity of our public-facing systems and connectivity needs of those systems has increased, we are wondering what value our DMZ delivers. As an example, public-facing systems in the DMZ that require access to LDAP/AD for AAA, SQL for database lookups, Exchange for mail delivery and relay, etc.

For those of you with non-trivial public-facing systems, where do you draw the balance line between security and access? If our most visible public-facing systems (most likely to be attacked) require internal AAA & SQL access, what are we protecting?

Given current system requirements and the evolution of security, are the reasons for setting up a DMZ 15 years ago still valid, and is the value of maintaining a DMZ worth the associated costs and if not, what are the alternatives?

Thanks.

Jason Youngquist, CISSP
Information Technology Security Engineer
Technology Services
Columbia College
1001 Rogers Street, Columbia, MO 65216
(573) 875-7334
jryoungquist () ccis edu
http://www.ccis.edu